C002814 Engineer (Digital Forensics Analysis) (NS) - MON 1 May

Deadline Date: Monday 1 May 2023

Requirement: Engineer (Digital Forensics Analysis)

Location: Mons, BE

Full time on-site: Yes

Time On-Site: 100%

NATO Grade: A/97

Total Scope of the request (hours): 988

Required Start Date: 1 June 2023

End Contract Date: 31 December 2023

Required Security Clearance: NATO SECRET

Duties and Role:

The contracted individual must be able to perform effectively and efficiently with minimal supervision. The contracted individual will be embedded in a Cyber Incident Response team as a technical expert in Digital Forensics.

Within the Cyber Security Operations Branch and reporting to the Incident Analysis and Response Section Head, the duties of the individual mainly focus on:

  • Provide technical and expert support for to the 24/7 Cyber Security Incident Analysis and Responses process.
  • Execute Digital Forensic Analysis in the form of network, system and memory forensics and capture the results in a technical Analysis report.
  • Execute Mobile Forensics and code analysis, predominantly, but not only, on Apple iOS-based hardware.
  • Execute Forensics on systems hosted on cloud environments, in IaaS, PaaS and SaaS solution.
  • Develop and Maintain the Digital and Network Forensics capability on deployable kits to support Cyber Incident Response.
  • Leverage automation and integration mechanisms/tools by writing scripts, preferably in Python or Powershell.
  • Write and Review reports on Digital Forensics cases, both at technical level (that could be receivable in courts) and at managerial/executive level (answering the "so what?")
  • Identification and Sharing of technical Indicators of Compromise with the other NATO stakeholders, the NATO nations and our different partners, in accordance with our sharing agreements.
  • Participate in, or support a Cyber Security Response Team designated to provide Cyber Security Incident Response happening on one or multiple physical locations, including NATO Alliance Operations and Missions.
  • Support the production of Standard Operating Procedures covering all aspects of Digital Forensics and Cyber Incident Response.


Skill, Knowledge & Experience:

  • The candidate must have a currently active NATO SECRET security clearance
  • The contracted individual will hold a University degree at a nationally recognised/certified University in a technical subject with substantial Information Technology (IT) content and 3 years post-related experience. The lack of a university/college degree may be compensated by the demonstration of a at least 8 years extensive and progressive expertise in the duties related to the function of the SOW.

The required skillset for the contracted individual is:

  • At least 3 years overall demonstrable experience in conducting Digital Forensics.
  • Recent experience in mobile forensics and cloud forensics.
  • Excellent abilities and demonstrable experience in writing reports, both at technical and executive level, ideally that are receivable in courts.
  • Very good understanding of the inner working of modern Operating Systems on Windows and Linux environment, virtual machines, kubernetes and mobile OS (iOS preferably).
  • Very good understanding of communication mechanisms on modern internet-facing systems: REST, SOAP, AJAX, MIME, API calls, ...
  • Very Good practical experience in developping and understanding modern scripting languages: Python, PowerShell, Javascript
  • Good understanding of the TCP/IP stack up to the Application Layer.
  • The ability to work independently (while having support of the team), taking initiatives, identifying areas of potential improvement and taking ownership;

Cyber Security Jobs by Category

Cyber Security Salaries